
Example 1 with AlgorithmSuiteType

use of org.apache.wss4j.policy.model.AlgorithmSuite.AlgorithmSuiteType in project cxf by apache.

From class SimpleBatchSTSClient, method writeElementsForRSTSymmetricKey.

/**
 * Writes the symmetric-key specific children of a RequestSecurityToken: the
 * KeySize element (unless the caller already wrote one, or this is a
 * SecureConversation request using the 256-bit default) and, when client
 * entropy is required, a wst:Entropy/wst:BinarySecret nonce followed by the
 * PSHA1 ComputedKeyAlgorithm element.
 *
 * @param writer       the DOM stream writer positioned inside the RST element
 * @param wroteKeySize whether the caller has already emitted a KeySize element
 * @return the raw requestor entropy that was written, or {@code null} when no
 *         entropy was required
 * @throws Exception if writing to the stream fails
 */
protected byte[] writeElementsForRSTSymmetricKey(W3CDOMStreamWriter writer, boolean wroteKeySize) throws Exception {
    // KeySize is omitted for SecureConversation requests with the 256-bit default
    boolean skipKeySize = wroteKeySize || (isSecureConv && keySize == 256);
    if (!skipKeySize) {
        addKeySize(keySize, writer);
    }
    if (!requiresEntropy) {
        return null;
    }

    writer.writeStartElement("wst", "Entropy", namespace);
    writer.writeStartElement("wst", "BinarySecret", namespace);
    writer.writeAttribute("Type", namespace + "/Nonce");

    // Nonce length (in bits) follows the algorithm suite's maximum symmetric key
    // length when a suite is configured, otherwise the explicitly requested key size.
    int entropyBits = algorithmSuite == null
        ? keySize
        : algorithmSuite.getAlgorithmSuiteType().getMaximumSymmetricKeyLength();
    byte[] clientEntropy = WSSecurityUtil.generateNonce(entropyBits / 8);

    // The MIME encoder inserts CRLF line separators every 76 output characters;
    // for the key lengths seen here (<= 256 bits -> 44 characters) none are produced.
    writer.writeCharacters(Base64.getMimeEncoder().encodeToString(clientEntropy));
    writer.writeEndElement();
    writer.writeEndElement();

    writer.writeStartElement("wst", "ComputedKeyAlgorithm", namespace);
    writer.writeCharacters(namespace + "/CK/PSHA1");
    writer.writeEndElement();
    return clientEntropy;
}
Also used : AlgorithmSuiteType(org.apache.wss4j.policy.model.AlgorithmSuite.AlgorithmSuiteType)

Example 2 with AlgorithmSuiteType

use of org.apache.wss4j.policy.model.AlgorithmSuite.AlgorithmSuiteType in project cxf by apache.

From class AbstractBindingBuilder, method getEncryptedKeyBuilder.

/**
 * Builds and prepares a {@link WSSecEncryptedKey} for the given token, taking the
 * symmetric encryption, asymmetric key-wrap and MGF algorithms from the binding's
 * algorithm suite. The encryption {@link Crypto} is also stored on the exchange
 * under {@code SecurityConstants.ENCRYPT_CRYPTO}.
 *
 * <p>When the token is an {@link X509Token} whose inclusion policy is not
 * {@code INCLUDE_TOKEN_NEVER} and the key identifier is not a direct BST
 * reference, the encryption certificate is additionally prepended to the security
 * header as a BinarySecurityToken and remembered in {@code bstElement}.
 *
 * @param token the policy token describing the encryption key
 * @return the prepared encrypted-key builder
 * @throws WSSecurityException if the encrypted key cannot be prepared
 */
protected WSSecEncryptedKey getEncryptedKeyBuilder(AbstractToken token) throws WSSecurityException {
    WSSecEncryptedKey builder = new WSSecEncryptedKey(secHeader);
    builder.setIdAllocator(wssConfig.getIdAllocator());
    builder.setCallbackLookup(callbackLookup);
    builder.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message));
    builder.setStoreBytesInAttachment(storeBytesInAttachment);

    Crypto encryptionCrypto = getEncryptionCrypto();
    message.getExchange().put(SecurityConstants.ENCRYPT_CRYPTO, encryptionCrypto);
    setKeyIdentifierType(builder, token);

    // The certificate must travel in the header when the inclusion policy asks for
    // it and the chosen key identifier does not already reference it directly.
    boolean includeCertificate = token instanceof X509Token
        && token.getIncludeTokenType() != IncludeTokenType.INCLUDE_TOKEN_NEVER
        && builder.getKeyIdentifierType() != WSConstants.BST_DIRECT_REFERENCE;

    String encryptionUser = setEncryptionUser(builder, token, false, encryptionCrypto);

    AlgorithmSuiteType suite = binding.getAlgorithmSuite().getAlgorithmSuiteType();
    builder.setSymmetricEncAlgorithm(suite.getEncryption());
    builder.setKeyEncAlgo(suite.getAsymmetricKeyWrap());
    builder.setMGFAlgorithm(suite.getMGFAlgo());
    builder.prepare(encryptionCrypto);

    if (includeCertificate) {
        X509Certificate certificate = getEncryptCert(encryptionCrypto, encryptionUser);
        X509Security bst = new X509Security(saaj.getSOAPPart());
        bst.setX509Certificate(certificate);
        bst.addWSUNamespace();
        bst.setID(wssConfig.getIdAllocator().createSecureId("X509-", certificate));
        WSSecurityUtil.prependChildElement(secHeader.getSecurityHeaderElement(), bst.getElement());
        bstElement = bst.getElement();
    }
    return builder;
}
Also used : Crypto(org.apache.wss4j.common.crypto.Crypto) WSSecEncryptedKey(org.apache.wss4j.dom.message.WSSecEncryptedKey) BinarySecurity(org.apache.wss4j.common.token.BinarySecurity) X509Token(org.apache.wss4j.policy.model.X509Token) AlgorithmSuiteType(org.apache.wss4j.policy.model.AlgorithmSuite.AlgorithmSuiteType) AttachmentCallbackHandler(org.apache.cxf.ws.security.wss4j.AttachmentCallbackHandler) X509Certificate(java.security.cert.X509Certificate) X509Security(org.apache.wss4j.common.token.X509Security)

Example 3 with AlgorithmSuiteType

use of org.apache.wss4j.policy.model.AlgorithmSuite.AlgorithmSuiteType in project cxf by apache.

From class AbstractCommonBindingHandler, method assertAlgorithmSuite.

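/**
 * Marks the given AlgorithmSuite policy assertion as asserted in the message's
 * {@link AssertionInfoMap}: once under the suite assertion's own QName and, when the
 * concrete algorithm-suite type carries a namespace, once more under the QName of
 * that type.
 *
 * <p>A missing {@link AssertionInfoMap}, or no entry for either QName, is treated as
 * "nothing to assert" and the method returns quietly. The lookup for the suite's own
 * QName previously dereferenced the collection without a null check while the
 * type-level lookup was guarded; both are now guarded the same way.
 *
 * @param algorithmSuite the assertion to mark as asserted; ignored when {@code null}
 */
protected void assertAlgorithmSuite(AlgorithmSuite algorithmSuite) {
    if (algorithmSuite == null) {
        return;
    }
    AssertionInfoMap aim = message.get(AssertionInfoMap.class);
    if (aim == null) {
        // No policy context on this message, so there is nothing to assert
        return;
    }

    Collection<AssertionInfo> algorithmSuiteAis = aim.get(algorithmSuite.getName());
    if (algorithmSuiteAis != null) {
        for (AssertionInfo ai : algorithmSuiteAis) {
            ai.setAsserted(true);
        }
    }

    AlgorithmSuiteType algorithmSuiteType = algorithmSuite.getAlgorithmSuiteType();
    String namespace = algorithmSuiteType.getNamespace();
    if (namespace != null) {
        // The suite type (e.g. a specific named suite) may be asserted on its own QName
        Collection<AssertionInfo> algAis = aim.get(new QName(namespace, algorithmSuiteType.getName()));
        if (algAis != null) {
            for (AssertionInfo algAi : algAis) {
                algAi.setAsserted(true);
            }
        }
    }
}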
Also used : AssertionInfo(org.apache.cxf.ws.policy.AssertionInfo) AlgorithmSuiteType(org.apache.wss4j.policy.model.AlgorithmSuite.AlgorithmSuiteType) QName(javax.xml.namespace.QName) AssertionInfoMap(org.apache.cxf.ws.policy.AssertionInfoMap)

Example 4 with AlgorithmSuiteType

use of org.apache.wss4j.policy.model.AlgorithmSuite.AlgorithmSuiteType in project cxf by apache.

From class AsymmetricBindingHandler, method doEncryptionDerived.

/**
 * Encrypts the given message parts with a key derived from the EncryptedKey: a
 * {@link WSSecDKEncrypt} builder is configured from the handler state and the
 * algorithm suite, its DerivedKeyToken element is added to the header, and the
 * ReferenceList it produces is inserted into the security header.
 *
 * <p>Every failure, checked or unchecked, is logged at FINE, reported through
 * {@code unassertPolicy(recToken, e)} and converted into a {@code null} return, so
 * callers must check the result rather than rely on an exception.
 *
 * @param recToken       the token wrapper the EncryptedKey is set up from when none exists yet
 * @param encrToken      the token describing the encryption key
 * @param encrParts      the parts of the message to encrypt
 * @param algorithmSuite the suite supplying the encryption algorithm and derived key length
 * @return the prepared derived-key encryption builder, or {@code null} on failure
 */
private WSSecBase doEncryptionDerived(AbstractTokenWrapper recToken, AbstractToken encrToken, List<WSEncryptionPart> encrParts, AlgorithmSuite algorithmSuite) {
    try {
        WSSecDKEncrypt derivedEncrypt = new WSSecDKEncrypt(secHeader);
        derivedEncrypt.setEncryptionSerializer(new StaxSerializer());
        derivedEncrypt.setIdAllocator(wssConfig.getIdAllocator());
        derivedEncrypt.setCallbackLookup(callbackLookup);
        derivedEncrypt.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message));
        derivedEncrypt.setStoreBytesInAttachment(storeBytesInAttachment);
        derivedEncrypt.setExpandXopInclude(isExpandXopInclude());
        derivedEncrypt.setWsDocInfo(wsDocInfo);

        // SecurityPolicy 1.1 bindings select the 2005/02 WS-SecureConversation version
        boolean securityPolicy11 = recToken.getToken().getVersion() == SPConstants.SPVersion.SP11;
        if (securityPolicy11) {
            derivedEncrypt.setWscVersion(ConversationConstants.VERSION_05_02);
        }

        // The EncryptedKey the derived key is computed from is created on first use
        if (encrKey == null) {
            setupEncryptedKey(recToken, encrToken);
        }
        derivedEncrypt.setExternalKey(this.encryptedKeyValue, this.encryptedKeyId);
        derivedEncrypt.getParts().addAll(encrParts);
        String encryptedKeyValueType = WSS4JConstants.SOAPMESSAGE_NS11 + "#" + WSS4JConstants.ENC_KEY_VALUE_TYPE;
        derivedEncrypt.setCustomValueType(encryptedKeyValueType);

        AlgorithmSuiteType suite = algorithmSuite.getAlgorithmSuiteType();
        derivedEncrypt.setSymmetricEncAlgorithm(suite.getEncryption());
        // The suite's derived key length is divided by 8 here, presumably bits to bytes
        derivedEncrypt.setDerivedKeyLength(suite.getEncryptionDerivedKeyLength() / 8);
        derivedEncrypt.prepare();

        addDerivedKeyElement(derivedEncrypt.getdktElement());
        Element referenceList = derivedEncrypt.encryptForExternalRef(null, encrParts);
        if (referenceList != null) {
            insertBeforeBottomUp(referenceList);
        }
        return derivedEncrypt;
    } catch (Exception e) {
        LOG.log(Level.FINE, e.getMessage(), e);
        unassertPolicy(recToken, e);
        return null;
    }
}
Also used : StaxSerializer(org.apache.cxf.ws.security.wss4j.StaxSerializer) AlgorithmSuiteType(org.apache.wss4j.policy.model.AlgorithmSuite.AlgorithmSuiteType) Element(org.w3c.dom.Element) AttachmentCallbackHandler(org.apache.cxf.ws.security.wss4j.AttachmentCallbackHandler) WSSecDKEncrypt(org.apache.wss4j.dom.message.WSSecDKEncrypt) SOAPException(javax.xml.soap.SOAPException) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException)

Example 5 with AlgorithmSuiteType

use of org.apache.wss4j.policy.model.AlgorithmSuite.AlgorithmSuiteType in project cxf by apache.

From class AbstractSTSClient, method writeElementsForRSTSymmetricKey.

/**
 * Writes the symmetric-key specific children of a RequestSecurityToken: the
 * KeySize element (unless the caller already wrote one) and, when client entropy
 * is required, a wst:Entropy/wst:BinarySecret nonce followed by the PSHA1
 * ComputedKeyAlgorithm element.
 *
 * @param writer       the DOM stream writer positioned inside the RST element
 * @param wroteKeySize whether the caller has already emitted a KeySize element
 * @return the raw requestor entropy that was written, or {@code null} when no
 *         entropy was required
 * @throws Exception if writing to the stream fails
 */
protected byte[] writeElementsForRSTSymmetricKey(W3CDOMStreamWriter writer, boolean wroteKeySize) throws Exception {
    if (!wroteKeySize) {
        addKeySize(keySize, writer);
    }
    if (!requiresEntropy) {
        return null;
    }

    writer.writeStartElement("wst", "Entropy", namespace);
    writer.writeStartElement("wst", "BinarySecret", namespace);
    writer.writeAttribute("Type", namespace + "/Nonce");

    // Nonce length (in bits) follows the algorithm suite's maximum symmetric key
    // length when a suite is configured, otherwise the explicitly requested key size.
    int entropyBits = algorithmSuite == null
        ? keySize
        : algorithmSuite.getAlgorithmSuiteType().getMaximumSymmetricKeyLength();
    byte[] clientEntropy = WSSecurityUtil.generateNonce(entropyBits / 8);

    // The MIME encoder inserts CRLF line separators every 76 output characters;
    // for the key lengths seen here (<= 256 bits -> 44 characters) none are produced.
    writer.writeCharacters(Base64.getMimeEncoder().encodeToString(clientEntropy));
    writer.writeEndElement();
    writer.writeEndElement();

    writer.writeStartElement("wst", "ComputedKeyAlgorithm", namespace);
    writer.writeCharacters(namespace + "/CK/PSHA1");
    writer.writeEndElement();
    return clientEntropy;
}
Also used : AlgorithmSuiteType(org.apache.wss4j.policy.model.AlgorithmSuite.AlgorithmSuiteType)
